IBM Support

Risk-based access: Error when publishing risk-based access policy

Technote (troubleshooting)


Problem(Abstract)

When you publish a risk-based access policy by using the manageRbaPolicy command, you might get a ClassNotFound exception.

Resolving the problem

When you try to publish a rule file by using the manageRbaPolicy command, if the policy contains unexpected characters such as “@{rba.risk.score}”, the conversion of the rule file into the runtime security service XACML format fails.

However, instead of a failure message, the following exception occurs:
JMXTransformException java.lang.ClassNotFoundException: com.tivoli.am.rba.xacmlg.TokenMgrError

You can ignore this exception, because the failure is not actually related to a CLASSPATH issue. The WebSphere Application Server wsadmin client class path settings do not require any changes.

The problem is due to policy validation. Hence, the content of the risk-based access policy rule file must be inspected to remove invalid tokens such as “@{rba.risk.score}”.

Related information

Risk-based access information center

Document information

More support for: Tivoli Federated Identity Manager

Software version: 6.2.2

Operating system(s): AIX, Linux, Windows

Reference #: 1622502

Modified date: 17 January 2013